var csrf_token = "Ijk0NjQ5MmMxYTViZTBjOTk2MGI4ZmIxNWIwZTg5Mjk2YTMzNjgwZmIi.GrSuKg.MZ3xmeZ0b7MdkOlwKJfHcBrnmkU"; $.ajaxSetup({ beforeSend: function(xhr, settings) { if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) { xhr.setRequestHeader("X-CSRFToken", csrf_token); } } });